Security Onion 20120329 is now available! This resolves the following issues:
Issue 114: Provide single location for configuring BPF filters
Issue 224: typo in nsm_sensor-ps-start
Issue 242: Set Suricata runmode to autofp
Issue 243: Remove VLAN setting from pcap_agent.conf
Notes
As you can see in the screenshot below, this update will create a bpf.conf file for each sensor interface on your system. For example, if you have two sensor interfaces (eth0 and eth1), you'll now have two bpf.conf files:
/etc/nsm/$HOSTNAME-eth0/bpf.conf
/etc/nsm/$HOSTNAME-eth1/bpf.conf
The NSM scripts now pass the option "-F /etc/nsm/$HOSTNAME-$INTERFACE/bpf.conf" to Snort and Suricata, and "-f /etc/nsm/$HOSTNAME-$INTERFACE/bpf.conf" to daemonlogger. However, Suricata's afpacket capture mode currently doesn't support bpf, so a filter in bpf.conf has no effect on Suricata in that mode. I've created Suricata feature request #440 for this.
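The following shell example is added here and is not part of the Security Onion NSM scripts. It shows how the per-interface bpf.conf path is derived, which flag each capture tool receives, and a check for the afpacket caveat above. NSM_ROOT (to run the example outside /etc/nsm) and the capture-mode label passed to bpf_effective are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not Security Onion's own code. Derives the per-interface
# BPF file path and tool arguments described in the release notes.
# NSM_ROOT is an assumed override so the example can run in a scratch dir.

NSM_ROOT="${NSM_ROOT:-/etc/nsm}"

# Path of the BPF file for one sensor interface,
# e.g. /etc/nsm/host-eth0/bpf.conf   ($1 = hostname, $2 = interface)
bpf_path() {
    printf '%s/%s-%s/bpf.conf\n' "$NSM_ROOT" "$1" "$2"
}

# Argument each tool receives: Snort and Suricata take -F, daemonlogger -f.
# $1 = tool (snort|suricata|daemonlogger), $2 = hostname, $3 = interface
bpf_arg() {
    f=$(bpf_path "$2" "$3")
    case "$1" in
        snort|suricata) printf '%s %s\n' -F "$f" ;;
        daemonlogger)   printf '%s %s\n' -f "$f" ;;
        *) echo "unknown tool: $1" >&2; return 1 ;;
    esac
}

# Create a bpf.conf for every interface. Idempotent: an existing file is
# left untouched so a re-run never clobbers an operator's filter.
# $1 = hostname, remaining args = interfaces
create_bpf_files() {
    host=$1; shift
    for iface in "$@"; do
        f=$(bpf_path "$host" "$iface")
        mkdir -p "$(dirname "$f")"
        [ -e "$f" ] || printf '# BPF filter for %s (empty file = capture everything)\n' "$iface" > "$f"
    done
}

# Returns 0 when the filter will actually be honoured, 1 for the case the
# release notes call out: Suricata in afpacket mode ignores the BPF file.
# $1 = tool, $2 = capture mode label (assumed values: pcap or afpacket)
bpf_effective() {
    if [ "$1" = suricata ] && [ "$2" = afpacket ]; then
        echo "warning: Suricata afpacket mode does not apply bpf.conf; filter ignored" >&2
        return 1
    fi
    return 0
}

# Stand-alone demonstration in a scratch directory (constructed input).
if [ "${BPF_DEMO:-}" = 1 ]; then
    NSM_ROOT=$(mktemp -d)
    create_bpf_files sensor1 eth0 eth1
    bpf_arg snort sensor1 eth0
    bpf_arg daemonlogger sensor1 eth1
    bpf_effective suricata afpacket || true
fi
```

Run with BPF_DEMO=1 to see the two files created and the argument strings printed; bpf_effective is the check to call before trusting a filter to have reduced Suricata's load.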
New Users
New users can download and install the 20120125 ISO image using the instructions here. The step marked "Install Security Onion updates" will automatically install this update.
In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"
Screenshots
[Screenshot: Upgrade Process]
If you have any questions, please join our mailing list and ask away!
http://groups.google.com/group/security-onion
Thanks!
Thanks to the following for their help in testing this release!
Craig Shannon
Scott Runnels
Help Wanted!
Security Onion needs you! Please see the new Team Members page on the wiki!
Want to learn more about Intrusion Detection?
Doug Burks will be teaching SANS 503 Intrusion Detection In-Depth in Augusta, GA in June! For more information, please see:
http://securityonion.blogspot.com/2012/03/sans-is-coming-to-augusta-ga-in-june.html